Bug fix: If the allocation of a socket failed and we

freed the inpcb, it was possible to not set the
proper flags on the pcb (i.e. the socket is not there).
This is HIGHLY unlikely since no one else should be
able to find the socket.. but for consistency we
do the proper loop thing to make sure that we
mark the socket as gone on the PCB.
This commit is contained in:
Randall Stewart 2010-01-17 19:47:59 +00:00
parent d3e5c802a9
commit e34b217f91

View File

@ -551,6 +551,7 @@ sctp_attach(struct socket *so, int proto, struct thread *p)
sctp_log_closing(inp, NULL, 17);
#endif
if (error != 0) {
try_again:
flags = inp->sctp_flags;
if (((flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) &&
(atomic_cmpset_int(&inp->sctp_flags, flags, (flags | SCTP_PCB_FLAGS_SOCKET_GONE | SCTP_PCB_FLAGS_CLOSE_IP)))) {
@ -561,7 +562,12 @@ sctp_attach(struct socket *so, int proto, struct thread *p)
sctp_inpcb_free(inp, SCTP_FREE_SHOULD_USE_ABORT,
SCTP_CALLED_AFTER_CMPSET_OFCLOSE);
} else {
SCTP_INP_WUNLOCK(inp);
flags = inp->sctp_flags;
if ((flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) {
goto try_again;
} else {
SCTP_INP_WUNLOCK(inp);
}
}
return error;
}